Mobile malware can be used by cybercriminals to steal money from digital consumers. An example of this is fake dating apps with virtual (non-existant) prospective partners are among these apps. Through advertisements, messaging or subscription fees, these apps lure their users into giving away their money and data. Fraudulent dating apps make their users pay for premium services such as the ability to chat with (fake) female accounts. They seem to be an increasingly lucrative scam, but not much research has been done on this topic.
To gauge the extent of the fraudulent dating app ecosystem, Hu et al.’s systematic study puts forward a method for detecting these apps in Android’s mobile marketplaces. The article presents a comprehensive analysis of the identified apps’ developers, distributors, marketing gimmicks, profile accounts, and revenue.
They identified fraudulent dating apps from a collection of more than 2.5 million apps downloaded from Google Play and nine unofficial Android stores. They did this by first scanning the apps’ names and descriptions were for eleven keywords in English and Chinese. Next, their programming code was inspected for a cash transaction component. The apps were then compared to find possible cloned apps from the same developer. Finally, a sample of apps were installed and tested.
Even though 3,697 individual apps were found, many had the same server address and digital fingerprint. A high proportion of their users’ profiles were suspicious: fake users mostly shared the same 20 avatars. During their trials, male testers were eagerly contacted by various (seemingly) female service users. However, they were asked to pay a fee to be able to respond to these (fake) users. Once a conversation was started, the users’ replies became incoherent. Apps stopped responding after the tester had paid for their ‘premium’ services.
The main way romantic fraud apps were promoted to smartphone users was via ranking fraud in the Android app stores. This is made possible by fake users who post favorable reviews and give five stars ratings that push these apps to the top of the ranking list. Another way fraudulent dating apps are promoted and distributed is through advertisement networks.
At the time of the study, 967 of these apps had 2,4 billion downloads. More than 44,000 negative reviews were collected, a number that could serve as a conservative estimate of the number of victims. Approximately between 1% and 10% of these apps’ users ended up making payments. It is estimated that they spent on average between 5 and 15 US dollars per transaction. Consequently, it is considered likely that fraudulent dating apps made between 200 million and 2 billion US dollars in revenue.
Fraudulent dating apps are creating tens of thousands of victims, resulting in hundreds of millions of dollars lost.